From owner-freebsd-sparc64@FreeBSD.ORG Thu Mar 13 21:47:02 2014 Return-Path: Delivered-To: freebsd-sparc64@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 14C2CDA8 for ; Thu, 13 Mar 2014 21:47:02 +0000 (UTC) Received: from h2.funkthat.com (gate2.funkthat.com [208.87.223.18]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id E676C2D9 for ; Thu, 13 Mar 2014 21:47:01 +0000 (UTC) Received: from h2.funkthat.com (localhost [127.0.0.1]) by h2.funkthat.com (8.14.3/8.14.3) with ESMTP id s2DLl042032672 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 13 Mar 2014 14:47:01 -0700 (PDT) (envelope-from jmg@h2.funkthat.com) Received: (from jmg@localhost) by h2.funkthat.com (8.14.3/8.14.3/Submit) id s2DLl0Nc032671; Thu, 13 Mar 2014 14:47:00 -0700 (PDT) (envelope-from jmg) Date: Thu, 13 Mar 2014 14:47:00 -0700 From: John-Mark Gurney To: Riccardo Veraldi Subject: Re: SSL acceleration cards Message-ID: <20140313214700.GM32089@funkthat.com> Mail-Followup-To: Riccardo Veraldi , freebsd-sparc64 References: <53217D98.3040408@gmail.com> <20140313163526.GJ32089@funkthat.com> <53220778.7080900@gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <53220778.7080900@gmail.com> User-Agent: Mutt/1.4.2.3i X-Operating-System: FreeBSD 7.2-RELEASE i386 X-PGP-Fingerprint: 54BA 873B 6515 3F10 9E88 9322 9CB1 8F74 6D3F A396 X-Files: The truth is out there X-URL: http://resnet.uoregon.edu/~gurney_j/ X-Resume: http://resnet.uoregon.edu/~gurney_j/resume.html X-TipJar: bitcoin:13Qmb6AeTgQecazTWph4XasEsP7nGRbAPE X-to-the-FBI-CIA-and-NSA: HI! HOW YA DOIN? can i haz chizburger? X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.2 (h2.funkthat.com [127.0.0.1]); Thu, 13 Mar 2014 14:47:01 -0700 (PDT) Cc: freebsd-sparc64 X-BeenThere: freebsd-sparc64@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Porting FreeBSD to the Sparc List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Mar 2014 21:47:02 -0000 Riccardo Veraldi wrote this message on Thu, Mar 13, 2014 at 20:31 +0100: > the problem is that SSL applications like SSH fiel transfer with SCP or SFTP > performs terrivle on Ultra SPARC III CPU, on 1Gbit network LAN > i get only 3MB/s, and this is CPU bottle neck... > i thought that a SSL accel card could help out a bit on my sun blade 1000 > but maybe I am wrong... If you load cryptodev.ko and have a card, you will be able to make use of the accelerator card... depending upon how much you are willing to pay will determine the performance... For example, the hifn mini-pci card w/ a 7954 that is readily available will only do 128bit AES at 19Mbps (bits), so that'd be slower than what you're seeing now... I have not been able to find a card that is >100Mbps that isn't the cost of a complete new computer... Though I'd be willing to be proven wrong.. > On 3/13/14 5:35 PM, John-Mark Gurney wrote: > >Riccardo Veraldi wrote this message on Thu, Mar 13, 2014 at 10:42 +0100: > >>I have a Sun Blade system with FreeBSD 9.2 > >>I would like to ask which SSL acceleration card is well supported in > >>par a iticular for sparc64 platform. > >>Any of the one dor x86 will work also on sparc64 ? > >>anyone uses that on sparc64 platforms ? > >I don't know of any modern crypto acceleration card that is supported > >by FreeBSD... There are many old ones, like the hifn, but when I > >was researching them a while back, the performance was so slow that > >you might as well do software crypto... > > > >The other one is Broadcom's (ubsec(4)) but the faster card only runs at > >1Gbit/s and no support for AES-GCM (though we don't have AES-GCM support > >in the tree, so it wouldn't help anyways)... > > > >I'm not sure if anyone has ever tried to run these cards in a non-x86 > >machine... There could be endian issues w/ the drivers.... > > > >When trying to purchase these cards, either I couldn't find a supplier, > >or the price was so high, it'd be cheaper to buy a whole new system w/ > >a modern amd64 processor that has AES-NI to do it... Even some sub-$150 > >CPUs support AES-NI which can give you 2GBbytes/s per core AES-XTS > >(sans geli overhead)... I did most of my AES-NI work on an AMD > >A10-5700... Though FreeBSD 9.2 doesn't have all the latest AES-NI > >improvements, nor does 9-stable, so AES-NI is only marginally faster > >than software crypto in 9.x... > > > >There are some modern cards out there, but no one has written drivers > >out there, or the vendors are not supporting writing drivers for > >them... > > > >What is your use case that you are looking to use the card for? -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not."